1. Technical Field
The present invention relates to a technique for adding partial protection (such as encryption) to a program so that the contents of a protected portion that is included in the program cannot be read.
2. Related Art
In a related art in this field, as shown in FIG. 1, marks (or codes for decryption) 112, 116 are inserted manually before and after a section 114 to be protected within a source code 100, a source code 110 after the insertion process is passed to a compiler and compiled, and an object code 120 that results is passed to a linker and a linking process is performed. An encryption tool is then applied to an object code 130 that results after the linking process. The encryption tool encrypts a section 134 to be protected in accordance with marks 132, 136 within the object code 130 (so that the encryption yields an encrypted code 144) and replaces the marks 132, 136 with a binary code (a decryption code 142) for decryption processing to finally generate an executable code 140.
Furthermore, another related technique inserts, instead of the marks used in the above-mentioned related technique, a decryption code in the form of a function for decrypting the encrypted code. Briefly, in this technique, as shown in FIG. 2, a decryption function 212 is inserted manually before a section 214 to be protected within a source code 200 and a function 216 to indicate the end of an encrypted section is inserted manually after the section 214, a source code 210 after the insertion process is passed to a compiler and compiled, and an object code 220 that results is passed to a linker and linked to necessary code, such as an object code 230 for a decryption function. This generates an object code 240 including plain text of a section 244 to be protected following an instruction 242 that calls a decryption code 246. An encryption tool is then applied to the object code 240 that results after the linking process. The encryption tool encrypts the section 244 to be protected within the object code 240 (so that the encryption yields an encrypted code 254) to finally generate an executable code 250. When the executable code is executed, an instruction 252 causes a decryption code 256 to be called and executed so that the encrypted code 254 is decrypted and executed.
The above-mentioned related arts both achieve a function to partially protect a program in executable form. However, compilers generally perform code optimization that affects the code execution sequence. Since the execution sequence in code sections changes due to code optimization, another code section might stray into a code section to be encrypted, or part of a code section to be encrypted might be moved outside to another location. Thus, a section not intended for encryption might end up being encrypted together with the section that was intended for encryption, or a section that was intended for encryption might end up outside the scope of the encryption and not be encrypted. In either case there is a risk of creating a program that does not operate properly, for example, a program that runs out of control. Although carefully writing the source code so that optimization does not change the execution sequence in the section to be encrypted is not necessarily impossible, it places a large burden on the programmer.
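The scoping failure described above can be modeled as follows. This is an added illustration in Python, not part of the original disclosure: the mark byte patterns, the single-byte XOR standing in for the cipher, the record labels and the reordered layout are all constructed assumptions.

```python
# Constructed model: an "object code" is a list of (label, bytes) records.
BEGIN, END = b"\xde\xad\xbe\xef", b"\xfe\xed\xfa\xce"  # assumed mark patterns
KEY = 0x5A  # toy XOR key standing in for a real cipher (assumption)

def link(records):
    """Concatenate records into a flat image and remember each record's span."""
    image, spans, pos = bytearray(), {}, 0
    for label, body in records:
        spans[label] = (pos, pos + len(body))
        image += body
        pos += len(body)
    return bytes(image), spans

def encrypt_between_marks(image):
    """The encryption tool sees only the marks, never the programmer's intent."""
    start = image.index(BEGIN) + len(BEGIN)
    end = image.index(END, start)
    out = bytearray(image)
    for i in range(start, end):
        out[i] ^= KEY
    return bytes(out), (start, end)

def scope_errors(records, intended):
    """Return (encrypted but not intended, intended but left in plain text)."""
    image, spans = link(records)
    _, (start, end) = encrypt_between_marks(image)
    covered = {l for l, (a, b) in spans.items() if a >= start and b <= end}
    return sorted(covered - intended), sorted(intended - covered)

INTENDED = {"check_license", "derive_key"}
AS_WRITTEN = [("prologue", b"\x55\x89"), ("mark_begin", BEGIN),
              ("check_license", b"\x11\x12\x13"), ("derive_key", b"\x21\x22"),
              ("mark_end", END), ("log_result", b"\x31\x32")]
# Constructed reordering: one protected record hoisted, one unrelated record sunk.
AFTER_OPTIMIZATION = [("prologue", b"\x55\x89"), ("derive_key", b"\x21\x22"),
                      ("mark_begin", BEGIN), ("check_license", b"\x11\x12\x13"),
                      ("log_result", b"\x31\x32"), ("mark_end", END)]

if __name__ == "__main__":
    print(scope_errors(AS_WRITTEN, INTENDED))
    print(scope_errors(AFTER_OPTIMIZATION, INTENDED))
```

In the reordered layout the tool still runs without error, which is why the mismatch between the marked range and the intended section goes unnoticed until the program misbehaves.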